The Hacker News2h
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
Cisco has patched two critical ISE vulnerabilities (CVEs 2025-20124, 2025-20125) allowing remote command execution and privilege escalation. Update no ...
The Hacker News5h
Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
Microsoft patched a critical SSRF flaw in Power Platform's SharePoint connector, risking credential theft and data breaches ...
The Hacker News6h
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
Google’s February 2025 update patches 47 Android flaws, including CVE-2024-53104, exploited in the wild, and CVE-2024-45569 ...
The Hacker News6h
AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks
Hackers deliver AsyncRAT using Dropbox URLs and TryCloudflare tunnels, exploiting legitimate services to bypass security ...
The Hacker News19h
Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
Lazarus Group targets job seekers via fake LinkedIn offers, delivering malware that steals crypto wallet data.
The Hacker News19h
Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
Seqrite Labs said it observed some level of tactical overlaps between the threat actor and YoroTrooper (aka SturgeonPhisher), ...
The Hacker News21h
Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
Microsoft 365 tenants faced ATO attempts by late 2024, with attackers using HTTP clients like Axios and Node Fetch.
The Hacker News22h
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
"A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute ...
The Hacker News23h
Navigating the Future: Key IT Vulnerability Management Trends
24% of companies ran 4+ vulnerability scans in 2024, up from 15% in 2023, showing a shift to continuous monitoring.